From e860a4fbf1abc8ba96c4cd6c00e8f6efd6510d50 Mon Sep 17 00:00:00 2001 From: Andreas Gohr Date: Fri, 26 Jan 2024 14:58:51 +0100 Subject: [PATCH] fix is_ssl() check There was a global statement missing? This seems to have to been broken in one of the recent merges. Tests have been cleaned up but not changes in logic. --- _test/tests/inc/init_checkssl.test.php | 229 +++++++++++++++++---------------- inc/init.php | 2 + 2 files changed, 121 insertions(+), 110 deletions(-) rewrite _test/tests/inc/init_checkssl.test.php (71%) diff --git a/_test/tests/inc/init_checkssl.test.php b/_test/tests/inc/init_checkssl.test.php dissimilarity index 71% index 4ee123d02..504e6cc48 100644 --- a/_test/tests/inc/init_checkssl.test.php +++ b/_test/tests/inc/init_checkssl.test.php @@ -1,110 +1,119 @@ -assertEquals(is_ssl(), true); - } - - /** - * Running behind an SSL proxy, HTTP between server and proxy - * Proxy (REMOTE_ADDR) is not matched by default trustedproxy config regex - * HTTPS not set - * HTTP_X_FORWARDED_PROTO - * set to https - */ - function test1b() { - global $conf; - $conf['trustedproxy'] = '^(::1|[fF][eE]80:|127\.|10\.|192\.168\.|172\.((1[6-9])|(2[0-9])|(3[0-1]))\.)'; - $_SERVER['REMOTE_ADDR'] = '8.8.8.8'; - $_SERVER['HTTP_X_FORWARDED_PROTO'] = 'https'; - - $this->assertEquals(is_ssl(), false); - } - - /** - * Running behind a plain HTTP proxy, HTTP between server and proxy - * HTTPS not set - * HTTP_X_FORWARDED_PROTO set to http - */ - function test2() { - global $conf; - $conf['trustedproxy'] = '^(::1|[fF][eE]80:|127\.|10\.|192\.168\.|172\.((1[6-9])|(2[0-9])|(3[0-1]))\.)'; - $_SERVER['REMOTE_ADDR'] = '127.0.0.1'; - $_SERVER['HTTP_X_FORWARDED_PROTO'] = 'http'; - - $this->assertEquals(is_ssl(), false); - } - - /** - * Running behind an SSL proxy, HTTP between server and proxy - * HTTPS set to off, - * HTTP_X_FORWARDED_PROTO set to https - */ - function test3() { - global $conf; - $conf['trustedproxy'] = '^(::1|[fF][eE]80:|127\.|10\.|192\.168\.|172\.((1[6-9])|(2[0-9])|(3[0-1]))\.)'; - $_SERVER['REMOTE_ADDR'] = '127.0.0.1'; - $_SERVER['HTTP_X_FORWARDED_PROTO'] = 'https'; - $_SERVER['HTTPS'] = 'off'; - - $this->assertEquals(is_ssl(), true); - } - - /** - * Not running behind a proxy, HTTPS server - * HTTPS set to on, - * HTTP_X_FORWARDED_PROTO not set - */ - function test4() { - $_SERVER['HTTPS'] = 'on'; - - $this->assertEquals(is_ssl(), true); - } - - /** - * Not running behind a proxy, plain HTTP server - * HTTPS not set - * HTTP_X_FORWARDED_PROTO not set - */ - function test5() { - $this->assertEquals(is_ssl(), false); - } - - /** - * Not running behind a proxy, plain HTTP server - * HTTPS set to off - * HTTP_X_FORWARDED_PROTO not set - */ - function test6() { - $_SERVER['HTTPS'] = 'off'; - $this->assertEquals(is_ssl(), false); - } - - /** - * Running behind an SSL proxy, SSL between proxy and HTTP server - * HTTPS set to on, - * HTTP_X_FORWARDED_PROTO set to https - */ - function test7() { - global $conf; - $conf['trustedproxy'] = '^(::1|[fF][eE]80:|127\.|10\.|192\.168\.|172\.((1[6-9])|(2[0-9])|(3[0-1]))\.)'; - $_SERVER['REMOTE_ADDR'] = '127.0.0.1'; - $_SERVER['HTTP_X_FORWARDED_PROTO'] = 'https'; - $_SERVER['HTTPS'] = 'on'; - - $this->assertEquals(is_ssl(), true); - } -} +assertTrue(is_ssl()); + } + + /** + * Running behind an SSL proxy, HTTP between server and proxy + * Proxy (REMOTE_ADDR) is not matched by default trustedproxy config regex + * HTTPS not set + * HTTP_X_FORWARDED_PROTO + * set to https + */ + function test1b() + { + global $conf; + $conf['trustedproxy'] = '^(::1|[fF][eE]80:|127\.|10\.|192\.168\.|172\.((1[6-9])|(2[0-9])|(3[0-1]))\.)'; + $_SERVER['REMOTE_ADDR'] = '8.8.8.8'; + $_SERVER['HTTP_X_FORWARDED_PROTO'] = 'https'; + + $this->assertFalse(is_ssl()); + } + + /** + * Running behind a plain HTTP proxy, HTTP between server and proxy + * HTTPS not set + * HTTP_X_FORWARDED_PROTO set to http + */ + function test2() + { + global $conf; + $conf['trustedproxy'] = '^(::1|[fF][eE]80:|127\.|10\.|192\.168\.|172\.((1[6-9])|(2[0-9])|(3[0-1]))\.)'; + $_SERVER['REMOTE_ADDR'] = '127.0.0.1'; + $_SERVER['HTTP_X_FORWARDED_PROTO'] = 'http'; + + $this->assertFalse(is_ssl()); + } + + /** + * Running behind an SSL proxy, HTTP between server and proxy + * HTTPS set to off, + * HTTP_X_FORWARDED_PROTO set to https + */ + function test3() + { + global $conf; + $conf['trustedproxy'] = '^(::1|[fF][eE]80:|127\.|10\.|192\.168\.|172\.((1[6-9])|(2[0-9])|(3[0-1]))\.)'; + $_SERVER['REMOTE_ADDR'] = '127.0.0.1'; + $_SERVER['HTTP_X_FORWARDED_PROTO'] = 'https'; + $_SERVER['HTTPS'] = 'off'; + + $this->assertTrue(is_ssl()); + } + + /** + * Not running behind a proxy, HTTPS server + * HTTPS set to on, + * HTTP_X_FORWARDED_PROTO not set + */ + function test4() + { + $_SERVER['HTTPS'] = 'on'; + + $this->assertTrue(is_ssl()); + } + + /** + * Not running behind a proxy, plain HTTP server + * HTTPS not set + * HTTP_X_FORWARDED_PROTO not set + */ + function test5() + { + $this->assertFalse(is_ssl()); + } + + /** + * Not running behind a proxy, plain HTTP server + * HTTPS set to off + * HTTP_X_FORWARDED_PROTO not set + */ + function test6() + { + $_SERVER['HTTPS'] = 'off'; + $this->assertFalse(is_ssl()); + } + + /** + * Running behind an SSL proxy, SSL between proxy and HTTP server + * HTTPS set to on, + * HTTP_X_FORWARDED_PROTO set to https + */ + function test7() + { + global $conf; + $conf['trustedproxy'] = '^(::1|[fF][eE]80:|127\.|10\.|192\.168\.|172\.((1[6-9])|(2[0-9])|(3[0-1]))\.)'; + $_SERVER['REMOTE_ADDR'] = '127.0.0.1'; + $_SERVER['HTTP_X_FORWARDED_PROTO'] = 'https'; + $_SERVER['HTTPS'] = 'on'; + + $this->assertTrue(is_ssl()); + } +} diff --git a/inc/init.php b/inc/init.php index 153850dfa..85568894c 100644 --- a/inc/init.php +++ b/inc/init.php @@ -542,6 +542,8 @@ function getBaseURL($abs = null) */ function is_ssl() { + global $conf; + // check if we are behind a reverse proxy if ( (!empty($conf['trustedproxy'])) && isset($_SERVER['HTTP_X_FORWARDED_PROTO']) -- 2.11.4.GIT